Lucene search

K
cve[email protected]CVE-2009-0787
HistoryMar 25, 2009 - 1:30 a.m.

CVE-2009-0787

2009-03-2501:30:00
CWE-189
web.nvd.nist.gov
39
cve-2009-0787
ecryptfs
linux kernel
out-of-bounds read
local users
security vulnerability

6.8 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

10.0%

The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory.

Affected configurations

NVD
Node
linuxlinux_kernelMatch2.6.28
OR
linuxlinux_kernelMatch2.6.28.1
OR
linuxlinux_kernelMatch2.6.28.2
OR
linuxlinux_kernelMatch2.6.28.3
OR
linuxlinux_kernelMatch2.6.28.4
OR
linuxlinux_kernelMatch2.6.28.5
OR
linuxlinux_kernelMatch2.6.28.6
OR
linuxlinux_kernelMatch2.6.28.7
OR
linuxlinux_kernelMatch2.6.28.8

6.8 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

10.0%